How to Build a Remote Security Mindset

Millions of employees are now working from home as a result of the COVID-19 pandemic. Meanwhile, business is booming for cybercriminals: We’re seeing a recent and unprecedented surge in successful cyberattacks. Worse, the cost of those attacks is climbing exponentially and is expected to hit as much as $6 trillion annually by next year.

To address the problem, executives must reexamine their assumptions about security and the systems they have relied upon in the past. Here's how to instill a culture of security in your remote teams.

Focus on security awareness and training

Many cybercriminals prey on human fallibility. Email phishing attacks are an all-too-common example of this. In email phishing, success relies on two things: accessibility and naivety.

The likelihood of this happening is much higher than you might expect. Our report, Odds of a Bad Bet, recently suggested that the chances of an employee spotting a phishing email are as slim as hitting a specific number on the roulette wheel. This issue is widespread and affects all industries: In 2019, 966 government agencies fell victim to ransomware attacks, many of which started from an employee email.

In the workplace, most employees are protected by some level of perimeter-based security and support. Remote workers, on the other hand, are more exposed and increase the risk of spreading damage throughout their company’s interconnected systems. To help combat this challenge, it’s crucial for companies to provide cybersecurity training for all employees. This training should include the following basics:

Educate employees on the repercussions of a successful cyberattack/breach.

This is important because many breaches happen when employees don’t recognize common weak points and don’t understand how catastrophic a successful cyberattack can really be.

Provide practical examples.

This can take the form of how different roles in your business might come across risky scenarios in their daily operations. Discuss the repercussions in layman’s terms, and include detailed real-world examples of how cyberattacks have crippled companies.

Offer specific, actionable tactics for employees to use.

Train them to diligently scrutinize everything that comes into their digital space and ask them to authenticate everything to the best of their ability. This means encouraging them to be suspicious of domains, names, messages, or subject lines that may look slightly “off” or that they do not immediately recognize.

Prepare employees for a worst-case scenario.

No cybersecurity defense is 100% bulletproof, and if a cybercriminal slips through the cracks – even if everyone has done their part correctly – it is important to ensure that everyone on your team knows how to handle the situation.

Security is a mindset that should be consistently at the forefront of all operations. Offer your employees frequent opportunities to apply and refine their security skills. Keep them informed of the latest threats and tactics from bad actors. And always maintain the broader perspective, focusing on how security aligns to the success of the entire business.